DISA went ahead and finally made new STIG checklists and SCAP scan benchmarks with new group Ids and rule Ids. And you have to upgrade the older checklists as newer ones come out of course. BUT the newer checklist Vulnerability IDs and Rule IDs don’t match up one-for-one with old checklists! How do you update them to the new checklist version correctly then? WTF!?!? Enter OpenRMF

What is OpenRMF, and why is it FREE!?

OpenRMF is Open Source Software (OSS) that lets you collaborate on, manage, report, and track your checklists, patch scans, and open items for your Risk Management Framework (RMF) process. It does not do the…


You too can use a combination of Keycloak Roles and Groups in your application stack for a multi-tenant application within a single Keycloak realm. This post explains how I am doing it and may help you get started on something similar. I am using Keycloak 10.0.2 for this example.

Using Keycloak with Groups and Roles for AuthN and AuthZ

Introduction to Multi-Tenancy

Multi-tenancy to me at least is a way to define the authentication and authorization (AuthN and AuthZ) of an application and how it relates inside your code. If your code is multi-tenant (think apartment building) then each user/group/organization can see its data and only its data. But…


When thinking about performance, there are some simple ways to quickly add great performance to .NET Core Web APIs. I thought I was going to need Redis and another container, networking, complex logic, and a lot of trial and error to get caching APIs to work correctly. Turns out, after studying the different ways for a couple of hours, it took about 10 minutes of coding to add great performance to my APIs for what I needed! Below is how I did it and some links for safe keeping. You may be able to do the same.

The Idea

Putting it in basic terms…


I have been studying up on, working with, and implementing microservice architectures (MSA) for the last few years. One thing that struck me the other day is that I work with the microservices in MSAs as if they are loosely coupled and can be formed to work cohesively. Ok that works.

However, in my brain at least, each microservice is on its own with that application architecture. If I reuse a microservice (i.e. logging) in another MSA, it is a copy or clone of the microservice (usually a container) inside that MSA. …


You can use a few lines of code and a NuGet package with Prometheus and Grafana to quickly show metrics of your .NET Core 2.2/3 Web APIs. This is how I did it.

Example API Controller Grafana/Prometheus dashboard with prometheus-net.

Introduction

Let’s say you have a set of Web APIs for your application. And now you want to see the number of requests, 404’s, method calls, and overall usage over time periods for your application. That is fair. And you want to show it as simple graphs or visuals since “a picture is worth 1,000 words” at a quick glance. That makes sense as well.

I recently came…



This is part 4 in using the power of NATS for a service mesh type of implementation in your application(s). In this installment we are going to talk about load balancing of APIs and services when you have more than one service that can answer requests or respond to events. We also discuss routing control as far as canary deployments, A/B testing, and mirroring of requests.

For a quick recap on this series of NATS and service mesh concepts, Part 1 talked on the service mesh in general and service discovery. Part 2 on security. …


NATS 2.0 found at https://www.nats.io

This is part 3 in my quest to discuss “what can you do with NATS that is similar to service mesh ideas”. There are a lot of articles and talks on service mesh benefits, usage and design. This write-up is to show how to have similar features when using the NATS messaging system as your communication backbone. As with anything dealing with software engineering, there are pros and cons to deciding on languages, infrastructure, and design models. It is always great to have alternatives and new ways of looking to solve problems.

To recap, in my first post on this…


NATS 2.0 Security with Operators, Accounts, and Users

Continuing the Service Mesh ideas and discussion in my first write-up, the next thing to look at with respect to NATS 2.0 and service mesh ideas to me is in the area of security. The security pieces of a service mesh involve end-to-end encryption (mutual TLS), authentication, authorization policies as well as service-to-service access control among the services. With NATS 2.0 and the introduction of NKeys, JWTs, and the Operator — Account — Users security model, I believe there is a great deal to use toward a more secure communication infrastructure using NATS. …


If you have ever spent time on a team that was going after an Authority to Operate (ATO) to run their system on a Department of Defense (DoD) network in recent years, you probably have seen (or heard about) the Risk Management Framework (RMF). This is put out by the National Institute of Standards and Technology (NIST). It is a common security framework to improve information security, strengthen the risk management of systems, and encourage agencies to trust ATOs to shorten timelines of systems in use.

And if you have been a part of any of these teams even in…


I love working on Open Source Software (OSS). I like contributing to it. I like the freedom it gives you. I like making it (https://www.openrmf.io). I like using it. And I like the people I meet in person or virtually (twitter, Slack, etc.) that are like-minded in IT but different in their background, sex, race, age, location, and other characteristics. It makes the world smaller. It shows the human side of the IT industry in a great way. It makes me better at my “day job”. And all the while, it gives you some great software to use and try…

Dale Bingham

CTO of Cingulara. Software Geek by trade. Father of three daughters. Husband. Lover of newer tech where it fits. Follow at https://www.cingulara.com/ @cingulara
